Any thought on TLS enabling VAF (encrypting the traffic)? Password logins on VAF are sent in the clear making it pretty easy to grab someone's password.

Services like CloudFlare make it pretty darn easy and are pretty cheap -- it's mostly a DNS configuration change and since it's a CDN it also relieves lots of stress from your servers and speeds up performance for users.

Just a thought.

[ed. I'll look into that, but in the mean time I turned on a feature that lets me approve new registrations manually (they don't get automatically approved for now). v/r,dr]

__________________"What kind of man would live where there is no daring? I don't believe in taking foolish chances but nothing can be accomplished without taking any chance at all." - Charles A. LindberghJamie | RV-7A First Flight: 7/27/2007 (Sold)

Here's a copy of the pm I received, and now I know how I was hacked. I clicked on the link without reading it carefully, inadvertently passing my password to the criminal... Doh!

I'm happy to know that my personal information beyond VAF password was not compromised, although I spent about two hours yesterday changing all my passwords before finding the culprit pm (below)

pm from "Tiller"
********************************************
I am very interested in purchasing,but i really want to know if it looks like the one posted on here some while backhttp ://vansairforce. nut cc/forums/login. htm

Thanks

**********************************************

[ed. Yes, that .cc extension goes to an island off Australia. Don't click on links that a person PM's you is a good plan of attack until I can kill their account. Mike S., thanks for disabling that link in this post here!!! v/r,dr]

I replied to a PM from Tiller and he Killed my account. I emailed Doug and new account was up in no time thanks Doug, but hope that I don't have issues dealing with folks now with a ZERO post status again. What folks try to do these days.

[ed. Sorry for the hiccup Blane. Great reminder to not click on links PM'd to you (or emailed for that matter). v/r,dr]

I replied to a PM from Tiller and he Killed my account. I emailed Doug and new account was up in no time thanks Doug, but hope that I don't have issues dealing with folks now with a ZERO post status again. What folks try to do these days.

[ed. Sorry for the hiccup Blane. Great reminder to not click on links PM'd to you (or emailed for that matter). v/r,dr]

Ooohhh - but now Blane has a low post count, since his account just got reactivated - so we can't trust him either!

If a person wants to sell an airplane, they should have a folder of pictures online and/or pictures inserted in the thread. You shouldn't have to PM or email anyone for a picture - they should already be online somewhere (where you can do a Google search on the N-number)!

Keep in mind that a significant portion of VAF members do not know how to put photos online... Even if they have a phone that automatically loads them somewhere, they don't know how to embed those photos in a post here. A lot of photo hosting sites block embedding photos elsewhere and will only give you a link that you have to click on to get to the site.

A link isn't a guarantee of fraud. It's just one factor to be considered.

[rant]Of course, if VAF allowed uploading photos and documented it so less technical people could figure it out, you'd at least know the photos are safe... [/rant]

Keep in mind that a significant portion of VAF members do not know how to put photos online... Even if they have a phone that automatically loads them somewhere, they don't know how to embed those photos in a post here. A lot of photo hosting sites block embedding photos elsewhere and will only give you a link that you have to click on to get to the site.

A link isn't a guarantee of fraud. It's just one factor to be considered.

[rant]Of course, if VAF allowed uploading photos and documented it so less technical people could figure it out, you'd at least know the photos are safe... [/rant]

Oh come on, DR wrote a very nice sticky "how to", and it isn't difficult at all. It would take me longer to type a detailed description, than it takes to post a picture.

__________________
~Chuck

DG-800S Sailplane
QB RV-8 -- Working on the canopy and wiring
84CX Reserved

I just got an email after I posted a WTB ad in the classifieds. It read "I have the item for sale, to see photos click the link below."

It was a link to the Van's forum login page but with a .cc in the URL and you need to log in but it's not the Van's forum. I didn't login of course because I've seen this type of hack a hundred times before. This is how they get your username and password.

The page will look exactly the same but LOOK at the URL and it's different. Do not click on any link you dont recognize. This is the easiest way for them to get your user credentials.

The VAFForums come to you courtesy Delta Romeo, LLC. By viewing and participating in them you agree to build your plane using standardized methods and practices and to fly it safely and in accordance with the laws governing the country you are located in.